Uploaded image for project: 'Puppet'
  1. Puppet
  2. PUP-6413

Pip provider fails when using ensure => latest

    XMLWordPrintable

Details

    • Bug
    • Status: Closed
    • Normal
    • Resolution: Fixed
    • PUP 3.8.7, PUP 4.5.2
    • PUP 3.8.8, PUP 4.6.0
    • None
    • None
    • 0
    • Client 2016-06-29, Client 2016-08-10
    • Reviewed
    • Bug Fix
    • Puppet now correctly connects to Pypi when managing packages with pip

    Description

      Pypi changed behaviour today because of vulnerabilities in urrlib, which
      is used by pip.

      http://blog.blindspotsecurity.com/2016/06/advisory-http-header-injection-in.html

      Pypi changed to denying http requests entirely instead of redirecting to
      https. (I guess? I don't really understand)

      Without this patch:

      root@derpderp:~# cat foo.pp
      package

      { 'diskimage-builder': ensure => latest, provider => pip, }

      root@derpderp:~# puppet apply foo.pp
      Warning: Setting templatedir is deprecated. See http://links.puppetlabs.com/env-settings-deprecations
      (at /usr/lib/ruby/vendor_ruby/puppet/settings.rb:1139:in `issue_deprecation_warning')
      Notice: Compiled catalog for derpderp in environment production in 0.14 seconds
      Error: Could not get latest version: HTTP-Error: 403 Must access using HTTPS instead of HTTP
      Error: /Stage[main]/Main/Package[diskimage-builder]/ensure: change from 1.17.0 to latest failed: Could not get latest version: HTTP-Error: 403 Must access using HTTPS instead of HTTP
      Notice: Finished catalog run in 0.67 seconds

      So this breaks any puppet 3.x using the default pip provider.

      With this patch, it just works.

      Attachments

        Issue Links

          Activity

            People

              Unassigned Unassigned
              nibalizer Spencer Krum
              Votes:
              3 Vote for this issue
              Watchers:
              8 Start watching this issue

              Dates

                Created:
                Updated:
                Resolved:

                Zendesk Support